[Phpgroupware-users] security/passwords

From:

Ralf Utermann

Subject:

[Phpgroupware-users] security/passwords

Date:

Wed, 26 Mar 2003 10:41:55 +0100

User-agent:

Mutt/1.4i

Hi,
two questions concerning passwords in phpgw:
- it looks like phpgw keeps the passwords' md5-hash in its
phpgw_accounts table even if I authenticate against email.
In this case I would prefer that phpgw doesn't keep it -- is
this configurable somewhere?
- The users' passwords during a session are kept in the
the kp3 cookie, right? How does the encrypt/decrypt work?
If I never use an application like email (and thus, the
password is never needed) does phpgw nevertheless store it
in the cookie? Could one add an option to set set 'secure flag'
on this cookie?
Bye, Ralf
--
Ralf Utermann
_____________________________________________________________________
Universität Augsburg, Institut für Physik -- EDV-Betreuer
Universitätsstr.1
D-86135 Augsburg Phone: +49-821-598-3231
SMTP: address@hidden Fax: -3411